A new bill introduced in the Senate today by Sens. Patrick Leahy (D-Vt.) and Edward Kennedy (D-Mass.) would place stringent restrictions on disclosures of personal health information and clear up at least some of the confusion surrounding federal privacy rules.
If passed, the new bill would not supplant the Health Insurance Portability and Accountability Act of 1996 but would require the Health and Human Services Department to revise HIPAA rules, according to a six-page summary the senators issued.
“In America today, if you have a health record, you have a health privacy problem,” Leahy said in a statement. He heads the Senate Judiciary Committee, which is expected to consider the bill.
Kennedy said the bill aims to strike a delicate balance between sharing information and protecting patients’ privacy. “For too long, the balance has been tilted too far against patient privacy, and our bill is a needed effort to correct that imbalance,” he said. Kennedy heads the Senate Health, Education, Labor and Pensions Committee.
The Health Information Privacy and Security Act of 2007 would prohibit the disclosure or use of personal health information without authorization from the patient in most cases. It would also allow patients to opt out of electronic systems that store or transmit health records and would require that individuals be notified if their information is disclosed without authorization.
It would establish an Office of Health Information Privacy at HHS and give it enforcement powers. The bill would impose criminal and civil penalties for unauthorized disclosure of patient information and direct the U.S. attorney general to debar health entities from federal programs if they are found guilty of a crime under the act.
It would also allow individuals to sue for damages in cases of unauthorized disclosure and would authorize state attorneys general to sue on behalf of state residents. In addition, whistle-blowers who report violations would be protected from retaliation.
Earlier in the day, participants in a panel discussion in Washington on privacy issues related to health information technology discussed whether the lack of a federal privacy policy was holding up development and implementation of health IT at the national level.
David Merritt, director of the health IT program at the Center for Health Transformation, challenged Democrats to come up with a policy proposal. “I’m starting to think that they’re paying lip service” to the privacy issue, he said.
But Kala Ladenheim, program director at the National Conference of State Legislatures, said the issue is not yet ripe for resolution, and it’s unclear what policies should be handled at the state level. “It’s too soon to lock in on something that’s evolving so fast,” she said.
Tom Wilder, senior regulatory counsel at America’s Health Insurance Plans, disagreed, saying a federal law is needed because the flow of health information does not stop at state borders. “I think having 50 different state laws really causes people a lot of problems,” Wilder said.
Dr. Deborah Peel, founder of the Patient Privacy Rights Foundation, criticized Kennedy for largely ignoring privacy in the health IT bill he introduced last month, which is awaiting action by the full Senate.
From the battlefield to the home front: Managing medical data
Government Health IT presents Col. Claude Hines Jr., program manager for the Defense Health Information Management System, in this recent InSight eSeminar. Col. Hines discusses the health information technology and tactical challenges faced by the military medical community in Iraq, Afghanistan and other areas of conflict. In doing so, he describes the current information technology solutions for transferring clinical data between battlefield care givers to health care personnel at military treatment facilities worldwide.
